Amendments in the Claims

1. (Previously Presented) A network security system, comprising:

a static policy data store having a static policy data attribute; 

a dynamic policy data store for tracking a threat level associated with a connection, the
dynamic policy data store having a dynamic policy data attribute; and

an authorization enforcement facility (AEF) in communication with the static policy data
store and the dynamic policy data store and operable to:

perform a risk-aware analysis of the connection to determine the threat level
associated with the connection based at least in part on the static policy data attribute, and

store the determined threat level in the dynamic policy data store as a dynamic
policy data attribute.

2. (Previously Presented) The network security system of claim 1, wherein the static policy
data store comprises at least one of a constraint, a role, a node-role assignment, a threshold value,
a node value, a service value, or an action value.

3. (Previously Presented) The network security system of claim 2, wherein the threshold
value is inversely proportional to the node value. 

4. (Previously Presented) The network security system of claim 2, wherein the threshold 
value is inversely proportional to the service value. 

5. (Previously Presented) The network security system of claim 1, wherein the dynamic
policy data store comprises a threat level table.

6. (Previously Presented) The network security system of claim 1, wherein the AEF is
further operable to generate a response to the connection.

7. (Previously Presented) The network security system of claim 6, wherein the response
comprises at least one of blocking the source of the connection from connecting to an intended 
destination, altering the intended destination of the connection, or auditing the connection. 

8. (Previously Presented) The network security system of claim 1, wherein the AEF is
further operable to generate a countermeasure. 

9. (Previously Presented) The network security system of claim 8, wherein the 
countermeasure comprises an active countermeasure or a passive countermeasure.

10. (Previously Presented) The network security system of claim 1, wherein the AEF
comprises a router, a gateway, a hardware appliance, or a web server.

11. (Previously Presented) The network security system of claim 1, further comprising a
firewall in communication with the AEF.

12. (Previously Presented) The network security system of claim 1, further comprising an
intrusion detection system in communication with the AEF. 

13. (Previously Presented) A method comprising:

receiving a static policy data attribute from a static policy data store;
receiving a connection request directed to a node;

determining a threat level associated with the connection request based at least in part on
the static policy data attribute; and

storing the threat level associated with the connection request as a dynamic policy data
attribute in a dynamic policy data store.

14. (Previously Presented) The method of claim 13, further comprising responding to the 
connection request. 

15. (Previously Presented) The method of claim 14, wherein responding comprises at least
one of forwarding the connection request to the node; blocking the source of the connection from 
connecting to an intended destination, altering the intended destination of the connection, or 
auditing the connection. 

16. (Previously Presented) The method of claim 13, further comprising updating the dynamic 
policy data attribute in the dynamic policy data store based on a result of the determination.

17. (Previously Presented) The method of claim 16, wherein the updating comprises
increasing the threat level if the connection request is determined to be anomalous. 

20. (New) A network security system, comprising: 

a static policy data store having a static policy data attribute comprising at least one of a
constraint, a role, a node-role assignment, a threshold value, a node value, a service value, or an 
action value; 

a dynamic policy data store for tracking a threat level associated with a connection; and 
an authorization enforcement facility (AEF) in communication with the static policy data 
store and the dynamic policy data store and operable to:

perform a risk-aware analysis of the connection to determine the threat level
associated with the connection based at least in part on the static policy data attribute, 

store the determined threat level in the dynamic policy data store as a dynamic 
policy data attribute in a threat level table, and 

generate a countermeasure, the countermeasure comprising an active 
countermeasure or a passive countermeasure.